it should happen during start-up.
I would argue for
- we log "minimum supported version is 1.2" and go on
or
- we log "minimum supported version is 1.2" and exit
both is acceptable. It will break people's setups in different ways,
though... the first will pretend all is well, and older clients can no
longer connect, while the second one will break everything, so making it
more obvious.
Strong vote for going on. On many OpenSSL configuration and also
distribution trying to use TLS 1.0 will already silently give you only
TLS 1.2+. So no reason to behave different with mbed TLS.
Arne
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
